From patchwork Mon May 6 17:40:18 2013
X-Patchwork-Submitter: Gabriel de Perthuis
X-Patchwork-Id: 2524781
Message-ID: <5187EB02.8030207@gmail.com>
Date: Mon, 06 May 2013 19:40:18 +0200
From: Gabriel de Perthuis
To: linux-btrfs@vger.kernel.org, Josef Bacik
CC: linux-stable@vger.kernel.org, Tristan Seligmann
Subject: [PATCH] btrfs: don't stop searching after encountering the wrong item

The search ioctl skips items that are too large for a result buffer, but inline items of a certain size occurring before any search result is found would trigger an overflow and stop the search entirely.

Bug: https://bugzilla.kernel.org/show_bug.cgi?id=57641
Signed-off-by: Gabriel de Perthuis
---
 fs/btrfs/ioctl.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 95d46cc..b3f0276 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -1797,23 +1797,23 @@ static noinline int copy_to_sk(struct btrfs_root *root, for (i = slot; i < nritems; i++) { item_off = btrfs_item_ptr_offset(leaf, i); item_len = btrfs_item_size_nr(leaf, i); - if (item_len > BTRFS_SEARCH_ARGS_BUFSIZE) + btrfs_item_key_to_cpu(leaf, key, i); + if (!key_in_sk(key, sk)) + continue; + + if (sizeof(sh) + item_len > BTRFS_SEARCH_ARGS_BUFSIZE) item_len = 0; if (sizeof(sh) + item_len + *sk_offset > BTRFS_SEARCH_ARGS_BUFSIZE) { ret = 1; goto overflow; } - btrfs_item_key_to_cpu(leaf, key, i); - if (!key_in_sk(key, sk)) - continue; - sh.objectid = key->objectid; sh.offset = key->offset; sh.type = key->type; sh.len = item_len; sh.transid = found_transid;
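Review bot: The new `if (sizeof(sh) + item_len > BTRFS_SEARCH_ARGS_BUFSIZE)` branch still reports an oversized item by setting `item_len = 0`, which then lands in `sh.len`, so a caller reading the result buffer cannot tell an item that was too large to return from one that is genuinely empty. Please add a comment above that check stating that the header is emitted without a payload when header plus item can never fit in the buffer, and explaining why `sizeof(sh)` is now part of the comparison, since the old test compared `item_len` alone and the difference is the boundary case the commit message calls "inline items of a certain size". The commit message would also be clearer if it said that the `key_in_sk()` filter was moved ahead of both size checks, so that items outside the search range can no longer reach `goto overflow`; as written it describes the symptom but not this reordering, which is the behavioural change stable reviewers will want to verify.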